Re: heimdal -> MIT kdc migration Was: August 2025 stabilization week
- In reply to: Rick Macklem : "Re: heimdal -> MIT kdc migration Was: August 2025 stabilization week"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 26 Aug 2025 18:21:25 UTC
In message <CAM5tNy7_KvG6zVg+DLqAySdoUJw1qrxJxTBGARJ_kHxE-trevQ@mail.gmail.c om> , Rick Macklem writes: > On Tue, Aug 26, 2025 at 8:31=E2=80=AFAM Gleb Smirnoff <glebius@freebsd.org>= > wrote: > > > > On Tue, Aug 26, 2025 at 08:13:26AM -0700, Rick Macklem wrote: > > R> Ok. If you install FreeBSD-13.5 and then "pkg install heimdal", you ge= > t a > > R> working Heimdal-7.8 in ports. > > R> > > R> Now, I have another challenge. Fixing the master passwords. > > R> I'll work on it later to-day. > Ok, I finally got the database to move over, (using Heimdal-7.8) but > the passwords didn't work. > kinit would complain that the password was wrong before it even prompted > for the password. > > Doing a change_password in kadmin.local made it work, but changing > everyone's password would be a pain. My initial testing when I did my first migration has shown this is correct. The process I used was to export from our Hiemdal 1.5.2 and import into Heimdal 7.8.0 (using the port). Then reinstall using WITH_MITKRB5 or using the security/krb5 port. The database imported correctly I could see the principals but the passwords did not decrypt. This was also a problem when exporting from our Heimdal 1.5.2 and using a Heimdal 7.8.0 kdc, i.e. performing the first step of the migration and using the Heimdal port as a kdc. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e**(i*pi)+1=0